How the security and operations gap is threatening your business

Author: David Carless, Specialist, Cloud and Automation, BMC Software

While they may be the most publicised, hackers aren’t the only security threat facing large enterprises today. Some of the biggest risks come from outdated and poorly synchronised internal procedures that thwart efforts to respond quickly at the time of a breach.

Analysts are calling this the ‘SecOps gap’: a critical breakdown in communication between the security and IT operations teams that can have significant implications for businesses, exposing them to unnecessary risks and system downtime.

As outlined in a recent report from Forbes and BMC, an organisation’s security arsenal is determined by the strength of its IT and security departments combined; their united front is fundamental to planning for and identifying risks before they arise. In reality, though, conflicting responsibilities and varying performance metrics mean their individual goals are misaligned.

The need to improve coordination between security and IT operations teams is far from being an academic exercise. Without the right processes in place, vulnerabilities take longer to remediate, labour costs in both departments can increase, patches can be poorly applied, and organisations are more vulnerable to slip-ups in regulatory compliance.

Building a unified security front requires today’s enterprises to create a game plan that considers technology, people and processes, and how they correlate. Operations and security each need to understand the requirements and concerns of the other and, in many cases, implement a formal strategy to do so.

The skilled people that compose the security and operations departments can benefit greatly from having internal reporting structures that create common goals for making business systems more secure, more reliable and in compliance with regulations.

Those organisations leading the way in closing the SecOps gap are rethinking internal reporting structures, breaking down departmental boundaries, rewriting job descriptions and creating new compensation packages, all with an eye toward forging closer ties between security and operations. For example, maintaining a disciplined patch management schedule may become a new responsibility that IT operations shares with security, while security team members are evaluated by how clearly they prioritise patch rollouts.

These organisations are also identifying in advance which systems to prioritise first at the time of a breach. In some cases, what may seem like a high priority to security people may not be viewed that way by the operations team, given this department’s focus on uptime and performance. Without any guidance from the security team about what’s critical and what can safely be deployed during regularly scheduled maintenance, the ops team can easily become frustrated. Understanding that these frustrations exist, many forward-thinking organisations create an action plan and priority schedule before a security crisis erupts.

At a glance, closing the SecOps gap requires a combination of the following:

  • Cultivate a culture of security awareness that encourages all employees to consider security implications before engaging in a new activity.
  • Quantify returns on investments for security, uptime and compliance using custom metrics that account for the unique characteristics of each asset.
  • Create cross-functional working groups to share security and operations concerns and foster greater understanding of each other’s roles.
  • Replace error-prone manual processes with intelligent compliance and security platforms that automate the testing and rollout of security patches and provide centralized information management tools.
  • Develop collaborative workflow processes that smooth the interactions of security, IT operations and compliance personnel.

Whether viewed from a security, operational or compliance perspective, SecOps alignment is essential to ensure modern enterprises perform at levels required in today’s competitive marketplace. Along with the challenges that SecOps represents, it also presents an important opportunity: by working to close the SecOps gap, the two teams can more successfully meet their individual goals and improve the overall success of their business.
